🤖 AI Summary
This work addresses a critical security vulnerability in black-box large language model (LLM) services, where users rely on fingerprinting to verify model authenticity. We uncover a novel threat—fingerprint spoofing—and introduce GhostPrint, an attack framework that enables weaker models to efficiently mimic stronger ones at low cost while preserving utility. By combining proxy modeling, reward-ranking fine-tuning, and knowledge distillation, GhostPrint evades state-of-the-art fingerprint detection mechanisms. We formally prove, for the first time, that inherent resource constraints on the user side fundamentally undermine the robustness of existing fingerprinting schemes. Empirical evaluations demonstrate that GhostPrint successfully deceives both static and continuous verification protocols across diverse settings, exposing a fundamental flaw in current LLM service authentication practices.
📝 Abstract
As Large Language Model (LLM) APIs become ubiquitous, users increasingly rely on black-box fingerprinting to verify that providers are serving the advertised premium models. However, these methods may overlook adversarial providers who manipulate model weights to cheat the fingerprint process. We introduce a novel threat termed fingerprint spoofing, where a malicious provider stealthily serves a weaker model that has been parameter-efficiently fine-tuned to mimic a stronger model, thereby evading user-side fingerprinting. We first formally prove that user-side resource constraints (i.e., finite query budgets and weak fingerprinting classifiers) make current fingerprinting vulnerable to fingerprint spoofing. Guided by this theoretical analysis, we propose GhostPrint, a cost-effective attack framework leveraging surrogate modeling, reward-ranked fine-tuning, and knowledge distillation. Extensive evaluations in both static and continual fingerprinting settings demonstrate that GhostPrint allows weak models to consistently bypass representative fingerprint methods while maintaining utility at a low fine-tuning cost, exposing a critical vulnerability in current LLM fingerprinting pipelines.